Endpoint Protection

 View Only

  • 1.  definition

    Posted Jan 25, 2012 05:40 AM

    Hi Guys,

    We are using Symantec Endpoint protection 11.05.

    When we insert the usb drive in to the system,it shows as a threat.

    After disconnecting the usb drive, its creating exe files.



  • 2.  RE: definition

    Posted Jan 25, 2012 05:44 AM

    Check this article & block the autorun.inf its vey helpful to you.

    http://www.symantec.com/business/support/index?page=content&id=TECH104909&actp=search&viewlocale=en_US&searchid=1327487608209



  • 3.  RE: definition

    Trusted Advisor
    Posted Jan 25, 2012 05:49 AM

    Hello,

    I would suggest you to Run a Full scan on your USB drive.

    Secondly, Is the SEP updated with Latest Virus Definitions?

    Is the machine installed with all the Microsoft Service Packs and Security Patches?

    Hope that helps!!



  • 4.  RE: definition

    Posted Jan 25, 2012 05:54 AM

    Hi Mithun,

    That already we done fullscan after updated the microsoft patches.



  • 5.  RE: definition

    Posted Jan 25, 2012 06:05 AM

    What is the filename of that .exe ? What risk name appear?

     

    Did SEP managed to clean/quarantine/delete it?

     

    At which location the file created?

     



  • 6.  RE: definition

    Posted Jan 25, 2012 06:23 AM

    Collect that .exe file and submit to the security response team and let them analize.

    https://submit.symantec.com/websubmit/gold.cgi



  • 7.  RE: definition

    Trusted Advisor
    Posted Jan 25, 2012 06:25 AM

    Hello,

    Let me get it right, you say that these .exe files are created after you have Removed the USB drive and till the drive was in the Drive. It was not creating the .exe files correct?

    1) Is this USB a External Drive or a USB meant for Internet Purposes?

    2) Could you let us know the path where the .exe files are getting created? Could you also attach a screenshot?

    3) Symantec is detecting it as which Threat?

    Awaiting Reply.